We have implemented security management system in our company as per ISO 27001 standards. Also we have got our company certified against the standard ISO27001.
The main basis for implementation was the guideline document. The best place to start off may be buy the Information security standards which has 2 books
- First one being that it has the Security requirement which has the Domains, Sub-domains and the controls. This is the standard against which you will be audited.
- Secondly, there is a Guidelines for Implementation Booklet, which provides teh best practises. Use this to understand what controls are applicable to your organization and how to implement the controls.

Let me know if you require any further details reg. the Infoormation Secuirty Managment System